Technology news and Jobs arrow Information Technology News arrow Firefox 2.0.0.10 patches high-impact security flaws
Firefox 2.0.0.10 patches high-impact security flaws E-mail
by Stephen Withers   
Wednesday, 28 November 2007
The latest release of the popular Firefox open source web browser fixes a trio of security flaws described by Mozilla as being of high impact.
The delivery of the update follows a 'test day' last Friday that was intended to shake out any issues that remained in the release candidate.

Firefox 2.0.0.10 restricts the jar: URI scheme to files delivered with a MIME type of application/java-archive or application/x-jar to avoid trusting non-Java content that could be used in cross-site scripting attacks. The flaw had been exploited to steal Gmail contact lists.

Another specific issue corrected by the update blocks a way of carrying out cross-site request forgery attack on sites by generating a fake HTTP Referrer header.

Also patched are three bugs that had been shown to cause memory corruption in some circumstances and that could potentially be exploited to execute arbitrary code.

No other changes were made to the application.

The update is being pushed out to Firefox users, or the new version can be downloaded from Mozilla.com.

Please enable JavaScript in your browser to post your comment!

Tags See All Tags


Browsers  Open Source  Security  Software  Stephen Withers  Web 

Get stories like this delivered daily - FREE - subscribe now
 
< Next story in category   Previous story in the category >
iTWire user statistics Visitors last 30 days
Suscribers		 904,266
13,751
#1 independent technology news advertise here
  •   *  
  • Search
  • AdvSeach
  • Login
  • Events
  • FreeStuff
Subscribe to our free e-newsletter

iTWire and you

Contact , Register , Links , About iTWire , Feedback , Post your jobs , Events , iTWire site map , Start Blogging , MyBlogLog page , Advertise with iTWire